Hi there,
While automatically generating passwords according to a policy (at least 1 uppercase, 1 lowercase character and 1 digit with a given length) I stumbled across the following issue. Some generated passwords are hard to read because they contain e.g. O o 0 (uppercase O, lowercase o, zero = 0). This also applies to other characters like the lowercase l. Depending on the font family and style used, the passwords can be hard to "decode". So the users have to "guess" and use trial and error until they find the right writing of their password.
So I would like to suggest extending the DigitCharacterRule, LowercaseCharacterRule, NonAlphaNumericCharacterRule and UppercaseCharacterRule as described by the following code snippet:
public class UppercaseCharacterRule extends AbstractCharacterRule
{
  ...
  // add a third constructor
  // giving the user the ability to exclude special characters for password generation
  public UppercaseCharacterRule(final int num, final String[] excludeChars)
  {
    setNumberOfCharacters(num);
    excludeCharacters(excludeChars);
  }
  ...
  // add a method to "delete" unwanted characters
  public void excludeCharacters(final String[] excludeChars)
  {
    for (String exChar : excludeChars)
    {
      allowedCharacters = allowedCharacters.replace(exChar, "");
    }
  }
  ...
}
With this approach you can use the newly added constructor for generating readable passwords while for validating passwords you can still use the "old" constructor with all characters allowed.
Regards Oli
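
The following stand-alone sketch is an added example, not part of the original post and not the library's own code. It generates passwords from character sets with look-alikes removed while validation still accepts the full sets, and prints the per-character entropy before and after the exclusion. The class name, method names and the exclusion list (which adds I and 1 to the characters named in the post) are assumptions.

```java
import java.security.SecureRandom;
import java.util.*;

// Hypothetical stand-alone sketch; it does not use the library's rule classes.
public class ReadablePasswordDemo {
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String DIGIT = "0123456789";
    // Constructed exclusion list: the look-alikes named in the post plus I and 1.
    static final String AMBIGUOUS = "Oo0lI1";
    static final SecureRandom RNG = new SecureRandom();

    // Same idea as excludeCharacters() in the post: drop unwanted characters.
    static String exclude(String chars, String excluded) {
        StringBuilder sb = new StringBuilder();
        for (char c : chars.toCharArray()) {
            if (excluded.indexOf(c) < 0) sb.append(c);
        }
        return sb.toString();
    }

    static char pick(String chars) {
        return chars.charAt(RNG.nextInt(chars.length()));
    }

    // Generation uses the reduced sets: one character per class, then fill and shuffle.
    static String generate(int length) {
        if (length < 3) throw new IllegalArgumentException("length must be >= 3");
        String u = exclude(UPPER, AMBIGUOUS), l = exclude(LOWER, AMBIGUOUS), d = exclude(DIGIT, AMBIGUOUS);
        List<Character> out = new ArrayList<>(Arrays.asList(pick(u), pick(l), pick(d)));
        while (out.size() < length) out.add(pick(u + l + d));
        Collections.shuffle(out, RNG); // the guaranteed characters must not sit at fixed positions
        StringBuilder sb = new StringBuilder();
        for (char c : out) sb.append(c);
        return sb.toString();
    }

    // Validation keeps the full sets, so user-chosen passwords may still contain O, o, 0, l.
    static boolean validate(String pw, int minLength) {
        return pw.length() >= minLength && pw.chars().anyMatch(c -> UPPER.indexOf(c) >= 0)
            && pw.chars().anyMatch(c -> LOWER.indexOf(c) >= 0)
            && pw.chars().anyMatch(c -> DIGIT.indexOf(c) >= 0);
    }

    public static void main(String[] args) {
        String pw = generate(12);
        System.out.println(pw + " valid=" + validate(pw, 12));
        System.out.println("validator accepts O/o/0/l: " + validate("Oo0lOo0lOo0l", 12));
        int full = 62, reduced = exclude(UPPER + LOWER + DIGIT, AMBIGUOUS).length();
        System.out.printf("bits per char: %.2f -> %.2f%n", Math.log(full) / Math.log(2), Math.log(reduced) / Math.log(2));
    }
}
```

Each excluded character shrinks the generation alphabet, so a longer generated length compensates for the entropy given up for readability.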